Modelling in risk management: beyond regulatory compliance

Somkrit Krishnamra March 6, 2014 1:00 am

THE POLITICAL problem and potential weakening of the economy have been reflected by the Bank of Thailand, as well as other agencies, revising down their forecasts for GDP growth for 2014. This also affects the local banking industry, in particular by increasing credit risk resulting from slower loan growth and higher ratios of non-performing loans.

Prudent risk management is of paramount importance during times of economic slowdown. Banks may need to review their risk-management processes and procedures to ensure they are effective.

One element of risk management relates to use of models. Models can be powerful tools in assessing risk, determining the value of assets and liabilities and improving decision support. In terms of risk management, they are also used for identifying, measuring, monitoring and mitigating risks.

Regulatory requirements include models such as stress tests. However, understanding the risks and limitations of these models is of vital importance, as decisions based on models that are incorrect or misused can have severe consequences.

Past events have shown that failure in risk management resulted in huge losses. The financial crisis that began in 2007 was one of the worst in history, and it changed the international banking landscape in the United States and Europe. Risk-management functions and various sophisticated models failed to spot the problems with CDOs (collateralised debt obligations) and other structured asset-based securities.

Casualties included well-known names like Lehman Brothers, Merrill Lynch, AIG, Fortis and Royal Bank of Scotland. Credit-rating agencies were also criticised for not performing their role and relying too much on academic risk models, using the past as a benchmark and not taking into account other potential risky events and adverse scenarios.

Going further back, the collapse of the Long-Term Capital Management (LTCM) hedge fund in the late 1990s proved that even complex mathematical models developed by winners of the Nobel Prize in Economic Sciences could fail and lead to massive bailouts on Wall Street.

The financial turmoil of recent years has had a significant impact on model practice within banks. The lesson learned is that simply relying on the outcome of models is a risk itself. Therefore, understanding the risks, their limitations and the economic environment is critical when using these tools. The importance of a well-maintained model governance framework and the transparent accountability of roles and responsibilities have been emphasised by regulators and supervisors in all regions around the world.

In Thailand, many banks may not use as models or risk-management systems that are as sophisticated as those adopted by global banks. However, the importance of models and risk management cannot be understated.

One good example is on stress testing.

Some events were thought to be extremely rare, such as the severe flooding of 2011, where 65 of Thailand's 77 provinces were declared flood disaster zones. The World Bank estimated US$45.7 billion in economic damages and losses due to flooding. Many industrial estates were severely damaged and flood water almost reached the Bangkok business district. This is now considered part of possible scenarios under stress testing.

Other less severe but unique events such as the recent bank run at one of the state-owned institutions should also be incorporated as a possible risk event. Incorporation of stress-test scenarios into the governance framework and utilising the results with the decision-making process is a good opportunity to test the resilience of the risk appetite framework.

Stress testing enables top management to prepare contingency and remediation plans in the event that an institution's maximum risk tolerance is exceeded. In the case of credit risk, for instance, a stress-testing policy has to be documented, covering a procedure on setting and monitoring stress loss limits, as well as specifying a remediation plan should such limits be exceeded.

In terms of regulatory requirements, there are different dimensions, for example, from an accounting and risk-management perspective.

From the accounting perspective, collective impairment in IAS 39 (an accounting standard for financial instruments released by the International Accounting Standards Board) requires a statistical model to estimate loan-loss provision.

There are numerous requirements and guidelines on models under risk management, from stress testing under ICAAP (the Internal Capital Adequacy Assessment Process) to various internal models for more advanced approaches outlined in Basel II and Basel III. Requirements under Basel govern the assessment of capital adequacy. Also risk models such as A-Score and B-Score are critical to credit-risk management for retail-loan portfolios.

The degree of effectiveness and correctness of these models have direct impacts on a bank's financial position and strategy.

With the widespread use of models in the banking industry, it is crucial that good model governance frameworks are in place to reduce "model risk", which is defined as risk that a model insufficiently reflects actual economic reality. The model life cycle aims to control and reduce model risk.

Examples of key stages in the model cycle are model development, model validation and model implementation. The enhancement of the model governance framework as well as the improvement of data quality is critical to maintain the effectiveness. A model governance framework could provide support and structure to the risk-management function by stating policies for risk-management activities, assigning roles and responsibilities and providing implementation as well as evaluation procedures.

Modern banking operations are increasingly becoming more dynamic and complex. Uncertainty and risk stemming from events in the past, present and also the future mean that banks will need to continue adapting and refining their models. Effective use of models helps to enhance the quality of risk management, and by doing so, adds value.